Changing user password from command line in Windows

If you search the Internet how to change the password in Windows using command line you’ll easily find command like one below:

DO NOT USE IT! It doesn’t change the password, it resets it. When you reset the password this way, all things encrypted with user password are no longer accessible (unless you have the certificate backed up and want to go with manual decryption process). This includes EFS, user specific encrypted app configs, passwords, some Outlook settings etc.

So how do you do it? If you search a little longer you’ll probably find PowerShell commandlets for WinAPI methods to change AD password. Most likely this is not what you want as you have local user.

What works for me is the following C# code:

You need to add reference to System.DirectoryServices. Works on Windows Server 2012 R2 with .NET Framework 4.5.

Some people suggest you should call user.Save(), however, it throws the following exception for me:

I don’t know if that’s needed but I do it anyway. What happens if you pass incorrect old password? You get

You can try wrapping this in some PowerShell code and you should be good.